spring-authorization-server
spring-authorization-server copied to clipboard
spring-projects
Spring Authorization Server
**Describe the bug** When check the client id and secret which load from database, the jwt code are always be generated even the client id is expred. **To Reproduce** set...
E.g:  methods and params thank!
**Expected Behavior** There are so many default endpoints such as /oauth2/token, /oauth/introspect endpoints, any possible that those endpoints be exposed to swagger ui when integrated with [springdoc](https://springdoc.org) **Current Behavior** Can...
**Expected Behavior** For a redirectUri of `com.example.app:/oauth2redirect/example-provider` to validate. **Current Behavior** It does not validate. [OAuth2AuthorizationCodeRequestAuthenticationProvider.java#L594](https://github.com/spring-projects/spring-authorization-server/blob/a5e6b032de0046f63ccba40ec6f56accc700ddf9/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java#L594) requires a redirectUri to have a host which is not required for private-use URI...
In spring security, use SpringSecurityMessageSource.getAccessor() to support internationalization. Can the spring-authorization-server project also use a similar method to support internationalization?
`org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationProvider#DEFAULT_STATE_GENERATOR` Is it a static final field, can it support setting the generator through the setter method?
Add logging
We need to add logging to allow for more efficient troubleshooting during error conditions.
My current project needs to use third-party authentication, and the other party is not compatible with oauth2, but it can obtain an opaque token, and through the opaque token, user...
